backdoor.trojan in svcpack.exe

Discussion in 'malware problems & news' started by tomsbug, Oct 30, 2003.

Thread Status:
Not open for further replies.
  1. tomsbug

    tomsbug Registered Member

    Joined:
    Oct 30, 2003
    Posts:
    1
    Hi, I received a notification of a virus, ran Norton to delete them, and am still getting a notice that the virus is present in system32/svcpack.exe. How can I delete it from this or clean up that virus? Thanks
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi tomsbug,

    Follow these steps, in exactly that order.
    Start your computer in Safe Mode, and find and delete the C:\WINDOWS\system32\svcpack.exe file.
    Next, STILL in Safe Mode (it may help if you print this out...) do the following, in that order:
    Copy the bold text to Notepad, and save as Remove.reg (make sure you save as type 'all files' )
    Double-click Remove.reg, and answer yes when asked to add its contents to the Registry.

    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectPlugin]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "SVC Service"=-


    Then boot normally and download, unzip and run: http://www.spywareinfoforum.com/~merijn/files/cwshredder.zip

    Regards,

    Pieter
     
  3. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    A little late, but if this is on Windows 2000 or XP, you also need to download and run this vbs file in order to restore the default Windows WinLogon/UserInit registry value data, which will have been hacked by this hijacker: http://www.mjc1.com/files/mo/

    Cheers,
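
A way to confirm the cleanup described in the replies above, as an added example that is not part of either post: it reads a text export of the registry and reports whether the DirectPlugin key, the "SVC Service" RunServices value, or a non-default Winlogon Userinit value is still present. It assumes the export is REGEDIT4-style text already read into a string, and that the stock Userinit data is the userinit.exe path with an optional trailing comma; the sample export and the placeholder path in it are constructed.

```python
import re
# Registry locations named in the thread: (key, value name or None for the whole key).
INDICATORS = [
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectPlugin", None),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices", "SVC Service"),
]
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Assumption: the stock Userinit data is the userinit.exe path with an optional trailing comma.
DEFAULT_USERINIT = re.compile(r"^[a-z]:\\(windows|winnt)\\system32\\userinit\.exe,?$", re.I)
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$')

def parse_reg(text):
    """Parse REGEDIT4-style export text into {key: {value name: data}}, names lower-cased."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_LINE.match(line)):
            name, data = m.groups()
            if len(data) >= 2 and data[0] == data[-1] == '"':  # string value: unescape it
                data = data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
            current[name.lower()] = data
    return keys

def findings(text):
    """Return one line per leftover from the thread that is still in the export."""
    keys, out = parse_reg(text), []
    for key, value in INDICATORS:
        values = keys.get(key.lower())
        if values is not None and value is None:
            out.append(f"key present: {key}")
        elif values is not None and value.lower() in values:
            out.append(f"value present: {key} -> {value} = {values[value.lower()]}")
    userinit = keys.get(WINLOGON.lower(), {}).get("userinit")
    if userinit is not None and not DEFAULT_USERINIT.match(userinit):
        out.append(f"Userinit is not the default: {userinit}")
    return out

# Constructed sample export (not taken from the thread); the value data is illustrative.
SAMPLE = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectPlugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SVC Service"="C:\\WINDOWS\\system32\\svcpack.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\placeholder\\example.exe"
'''
```

An empty list from `findings()` means none of the three leftovers appear in the export; `findings(SAMPLE)` returns all three.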
     